5 signs you’ve been hacked

Date Posted: May 27, 2016

If you own and run a website or blog, you’ve probably heard about keeping your site up-to-date with upgrades and security patches. What you don’t hear as much about are the actual signs that indicate a hack may have taken place on your website. Signs may be “in your face,” for example, your website displays an error or blank screen. They can also be subtle, for example, people start emailing you to say your site is sending out spam. Here are five common signs that may indicate your site has been hacked.



Your website appears to be slower than usual

If your website has generally been fast to load but you’re getting complaints that it is now very slow, this may be an indication that your site has been hacked. Slowness in itself doesn’t mean a hack. It may mean your hosting provider has changed the speed of service it’s providing you. However, if you go to your website and look at the lower left-hand corner of the browser where the message bar tells you what is loading and you notice that it’s loading site names or image names that you don’t recognize, this is a sign that your site may have been hacked. Loading those extra sites and images—which won’t be doing you or your visitors any good—may be what’s increasing your site’s load time.

People accessing your website get randomly taken to other sites

Picture this: One minute someone is on your website, and the next minute they’ve been whisked away to another site without having clicked on anything. This is a classic example of a hack where links are injected into the html of a website to take your visitor to another site they never intended to visit. Sometimes this occurs with popup windows, although most browsers now block pop-ups by default.

Your website appears as a blank screen

Let’s say one day you go to show a friend your website. You type in the website address and find a blank white screen. After refreshing several times, not only do you feel a little silly but you have to break the news to your friend that your website seems to be down. This could be a sign of several things: hosting provider problems, configuration problems or possibly a hack. If you have access to your website files and are able to retrieve a file listing, take a look at the dates files were modified. When files (other than images) have been modified on dates when no work was done on your site, it’s a good indicator that something is amiss. If you don’t know how to access website files—which is most people, don’t worry—you can contact the company that maintains your website and ask them what might be going on with your site.

Google flags your site as being potentially harmful

Many times people search for their own website on Google to see where they show up in the search results. Often we hear about people doing this and discovering that the search engine has flagged their website as being potentially harmful. When search engines index a website, they may also look for malware and other compromises to the site so that they can warn their own users that a site may be harmful to their computers if they decide to click. Google offers a way to remove this message once the infection has been cleaned from the website.

Your website appears to be sending out spam email

You’re checking your email one day and receive some bounce back emails stating the mail was not able to be delivered. You don’t recognize the address it was sent to or the email subject and it looks a lot like spam. This is a sign that one of your domain email addresses or a form on your website is being used to send out spam. Keep in mind, though, that an email account may be compromised by simply having malware or a virus on your desktop computer and your website may not be the problem.

So now what do you do?

If you see one or more of these signs, you need professional help! Contact your website hosting company or the company that built your website, whichever one you have the best relationship with. They should be able to diagnose the problem for you and tell you what’s required to fix it. They’ll check for hidden error messages, view site logs, and check your website source to look for injected code and more.

Fixes may include keeping plugins and site code secure; updating your website content management system (for example, WordPress); and adding Captcha security codes on your website forms to help prevent automated “bots” from submitting the forms and sending out spam on your behalf. If your site has been flagged as potentially harmful by a search engine, your website company can also take the necessary steps to request a delisting.

Our Certifications